Please note: This Privacy Notice has been recently updated and the version below will take effect on 16th February 2025. You can view the current Privacy Notice or read a summary of the key changes.
Here at tiney, we take privacy rights seriously. We respect the privacy of all individuals we deal with, including our website visitors, childminders, families (including children) who use our services, suppliers, enquirers and anyone else we meet in our business.
This privacy notice sets out information about how we use, store and transfer personal data which we receive through our website tiney.co (the Site), through the tiney platform (the Platform, which we make available through the Site and through our app) or otherwise.
Personal data means any information about an individual from which that person can be identified. There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person's health or sexual orientation (as further explained below).
We are a data controller in relation to that personal data, which means we determine the purposes and means of the processing of that personal data.
We or us means Tiney Limited, trading as tiney, a company registered in the United Kingdom under number 11194291 whose registered offices are at International House, 12 Constance Street, London, E16 2DQ. We are a registered childminder agency.
We have appointed a data protection officer (DPO), Edd Read, who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights (see below), please contact the DPO at data-protection@tiney.co.
We’ve broken this Notice down to make it easier to navigate depending on your relationship with us.
-
Information for childminders who register with us, or apply to register with us (Childminders);
-
Information for parents or guardians who may use our Site and App and engage Childminders;
-
Information for anyone else who we might deal with (like suppliers, referrers, local authorities, journalists, or anyone who contacts us with general enquiries, or people just browsing the Site).
If your child is of reading age, and will be looked after by one of our registered Childminders, then we have a child-friendly privacy notice which is set out at the bottom of this Notice.
Finally – in some places in this Notice we refer to the GDPR, which is the main law setting out our legal obligations and your rights in relation to personal data (although other laws apply too, including the UK Data Protection Act 2018). That’s kind of a shorthand reference – technically there’s a European GDPR and a separate UK GDPR (which is the same wording as the EU one, just transposed into UK law as part of the Brexit arrangements), and some other subsidiary legislation as well.
When we say GDPR, we mean the UK law as transposed from the European one and then updated.
Summary
Full details are set out in the relevant sections of this Notice below, but keeping it brief:
-
we normally receive your personal data from you, but sometimes it might be from a third party with whom we are mutually acquainted (e.g. other users of the Platform or a reference provider such as Ofsted);
-
if you are a parent, then we will process personal data relating to your children. We’ve included information for you in the section for parents below, but there’s also a child-friendly privacy notice if your child is of reading age;
-
we do not normally review personal data relating to children, but might do so if we have quality or safeguarding concerns or in case of emergency;
-
we use your personal data to deliver our services, conduct our business, keep appropriate records and meet our legal obligations;
-
we only provide your personal data to third parties for our business purposes or as permitted by law;
-
we store personal data for specified periods; you have legal rights in relation to your personal data which you can exercise on request;
-
the Sites use cookies; and
-
you can contact us to enquire about any of the contents of this Notice.
Importantly, this Notice relates only to the personal data which we receive and use. If you’re a parent engaging a Childminder, then you will likely provide personal data to them relating to yourself and your family. The Childminder’s use of that personal data will be governed by your own contract with them and by any privacy notice issued by them (although where copies of that data are stored in the Platform we might be a data controller together with the Childminder in connection with those copies).
This Notice supplements (and its terms apply in addition to) any other terms of use or other terms and conditions agreed between you and us from time to time, including but not limited to our General Terms of Use. It is important that you read and retain this policy, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using that information and what your rights are under the data protection legislation.
By using our Platform, you acknowledge you have read and understood this privacy notice and agree to the collection and processing of your data as described below.
Information for Childminders
Overview
Hello! Thanks for your interest in being a tiney childminder. If you register with us, we will receive a variety of personal data relating to you in the course of conducting checks and onboarding, and in your ongoing use of our Site and App. We will also receive personal data relating to others, such as the parents and children with whom you deal, your household members, and your referees. It might be helpful to summarise the various relationships for context first.
-
Tiney is data controller in relation to all personal data received in connection with your use of the Platform. That means we have to comply with law in handling it (and in particular have to make this Notice available to you in relation to how we handle your personal data). We also make this Notice available to families who use the Platform.
-
If you run a childminding business in the UK, you are also subject to data protection laws as a data controller. Our help centre has some useful information about your obligations under data protection law, and how tiney can help you meet them. The main thing to understand is that if you receive personal data relating to families in providing your services to them, you are a data controller in relation to that data. That means you need to provide your own privacy notice to families who use your services (the Childcare Agreement tiney provides includes a standard notice which should be suitable for most childminders). If that personal data is stored on the tiney Platform then in some instances both you and we will be data controllers of that personal data (since we’re both using it for our respective business purposes).
Personal data we handle
In connection with your use of our Platform and activities as a tiney childminder we may handle the following data:
-
Account data, which you provide to us in setting up or using an account on the Platform, or in registering for and attending a webinar or an inset day event we run from time to time (we may receive your information from EventBrite for this), or in engaging with us offline (e.g. in phone calls with us which may be recorded with your explicit consent) to provide services to you or when you enquire about our services. The account data may include your name, email address, phone number, postal address, customer ID, gender, age, voice, username, password, and nursery/business name. If you use a third-party application like Facebook to log into your account then we may receive and process account data from the relevant third party.
-
Discovery data, which we receive when you complete discovery on the Platform and when we visit your home to assess the suitability of your premises, or which we may collect in phone calls with you which may be recorded with your explicit consent, or when we receive any complaints about you. This may include: data relating to the completion of discovery modules and learning reviews; your responses to assessment questionnaires and quizzes (including your level of education and scores and responses to NPS/CSAT customer satisfaction metric questionnaires); and responses to our safeguarding questionnaire and our ‘about you’ onboarding and training questionnaires (including your full name and any maiden/previous names, gender, place of birth, nationality, date of birth, national insurance number, phone number, 5-year address history, and any personal data relating to your location, home/accommodation, work status, existing and previous profession, visa status, household members including the number of other people who live/work in your home (and their Enhanced DBS certificate status) and the number of children you are currently caring for (if applicable), previous/current Ofsted or other childminding agency registration information (including agency name and registration number), health circumstances, details of employers or volunteering organizations, paediatric first aid certificate status, the fact of any bankruptcy or individual voluntary arrangement (IVA) or county court judgment (CCJ), and your motivations for opening a nursery and working with children), and any referral codes. When you share or use a referral code, we may collect information such as your name, email address, and the referral code used to track the referral and apply rewards or discounts.
-
Check data, which we receive as you go through the various compliance checks we make in our capacity as a childminder agency. This may include: your name; date of birth; address history (5 years) which we may receive through Ucheck applications; names of household members; welfare information such as family and home life circumstances and history (including data captured in our household forms), ID documents (including those uploaded through Ucheck); signature; your experience and qualifications; registration history with OFSTED or other agencies; local authority and occupational health checks; prior involvement with social services, local authority mental health teams or the police; prior criminal cautions or convictions; and references and criminal record checks (namely Enhanced DBS checks in the UK or its international equivalent on you and all people aged 16 and over who will regularly be in your home nursery), and first aid certificates. We may also conduct credit checks (as some of the suppliers of the benefits we offer to our Childminders, like insurance, may require these). We may get some of this information from third party reference providers and background check providers such as local authorities, Ofsted or other childminding agencies, and occupational health consultants.
-
Health data, which is personal data relating to your health which we may receive in onboarding (e.g. through a health declaration form, GP records and medical summaries, or from RTW Plus Ltd (who provide practising GP and nurse clinicians to us) if you provide health data to them as part of their virtual health consultations with childminders) or which you may choose to share with us later.
-
Payment and transaction data, which we may process in relation to payments we make to you, receive from you, or process on your behalf through the tiney wallet, including details of products and services you have purchased from us. These may include your contact details, your payment account details, the transaction details, reference codes for processing any refunds and any eligibility information in relation to student finance, funded hours, tax-free childcare and other payment schemes. We do not collect or process your credit or debit card details when you make or receive payments. We use Stripe as a payment processing service provider and it is Stripe who will collect and process your card details. For more information, you can access Stripe’s own privacy policy here.
-
Contracts data, which means records relating to the performance of your or our services (for instance, the record of the engagement of a childminder by a parent, records of the tiney benefits you have elected to receive and records of training or eligibility questionnaires you have completed on the Platform, as well as personal data captured in the offer commitment declaration form and the Childcare Agreement between parents and childminders). Contracts data may also include any correspondence between you and us relating to your use of our Platform, or correspondence or feedback with/from any other person which concerns you (e.g. if a parent contacts us directly with feedback on your services or somebody leaves a review about you, as well as personal data captured in any incident reports).
-
Register data, which means records of sign in/sign out at your childminding setting.
-
Journal data, which is information you record in learning journals (tracking a child’s progression against the Early Years Foundation Stage), or other logs or journals on the Platform where you can make notes in connection with the childminding services you have provided, for your own, the parent or guardian’s, or tiney’s reference.
-
Messaging data, which is information contained in messages sent between you and parents/guardians via the Platform, whether sent as direct messages or through noticeboard functions. We do not normally see or read messages between you and parents/guardians, and would only access these in connection with quality or safeguarding concerns or to address emergencies.
-
WhatsApp and Community Hub data, (including names, phone numbers, profile data, any information voluntarily shared within messages, and any event attendance booking information), which may be shared by you and other childminders in community WhatsApp childminder groups and in tiney’s Community Hub to facilitate communication, networking, and sharing of relevant updates and resources among local childminders. Participation in these groups/hub is voluntary, and they are intended for professional collaboration and support. tiney is assigned as admin for WhatsApp groups. Other participants in the group/hub will also see your name, profile information and any information you share in messages as displayed in the group. Please do not share sensitive or personal information about others in these groups/hubs (especially personal data, photos or videos pertaining to any children) unless you have their explicit consent to do so. Please note that WhatsApp is a third-party platform, and its use is subject to WhatsApp’s privacy policy. We are not responsible for WhatsApp’s processing of your personal data.
-
Profile data, which is information contained in your public web profile on the Site and/or App or any information or content you choose to share on our social media channels (and we may notify others that you have joined our Site and/or posted content), which might include your name, photo, location, and descriptions of your childminding setting and anything else you choose to share. Please do not post or add personal data to your profile that you would not want to be publicly available.
-
Usage data as you interact with our Site and/or App, we will automatically collect technical data about your equipment, browsing actions and patterns and data about your use of our Site and Platform, which we obtain through analytics tools. This may include: your IP address; geographical location; browser type and version; device type, OS and display size; referral source; length of visit; page views and website navigation paths; as well as information about the timing, frequency and pattern of your service use. Technical and usage data is collected from analytics providers such as Google (Google Analytics and Google Ads) based outside the UK and advertising networks such as Meta (Facebook ads) based outside the UK.
What we do with it
Here’s what we do with your personal data, and in each case the lawful basis on which we do it. (The legal bit - GDPR requires data controllers like us to ensure that we only process personal data on one of a number of specific lawful bases, which are set out in Article 6 GDPR. We have to document our lawful basis of processing, and we also have to tell the data subject (i.e. you) the basis on which we rely in our processing activity. Where that basis is our “legitimate interests” connected with the processing activity, we have to tell you what that interest is.)
We may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data.
Type of Data | Purpose/Activity | Legal Basis for Processing |
---|---|---|
Account data, contracts data | Operating our Platform, for sales and lead generation purposes, providing our services and the features of our Platform (including managing and providing access to our events and webinars), verifying logins, and for communicating with you. Our webinars may be recorded for internal review or future promotional purposes. If you participate in the Q&A or chat, your contributions may also be included in the recording. We will notify you in advance of any recording. We sell voucher codes for discounted first aid training courses, through our online shop. If you purchase a voucher, we process your personal data (including name and email address) to facilitate your order and share relevant information with the training provider to enable you to redeem the voucher. We may invite you to leave a review on Trustpilot to share your feedback about our services. | Performance of a contract with you (i.e. delivering our services) (Art. 6.1(b) GDPR). Legitimate interest (Art. 6.1(f) GDPR) in properly administering our business, services and communications (including delivering relevant content), to drive customer growth and engagement on our Platform, and to help us understand customer satisfaction and improve our offerings. Your consent (for TrustPilot reviews) if legitimate interests cannot be relied on. |
Payment and transaction data | Making and receiving payments for our products and services, for order fulfillment when you purchase online supplies, to register you with a local authority for funding, for submitting student finance claims on your behalf (where relevant). | Performance of a contract with you (i.e. delivering our products and services) (Art. 6.1(b) GDPR). |
Discovery data, check data | Confirming the suitability and motivations of childminders to provide childminding services. We have a duty to ensure suitability under the Childcare Act 2006 and Childcare (Childminder Agency) (Registration, Inspection and Supply and Disclosure of Information) Regulations 2014. | Performance of a contract with you. Legitimate interest in providing assurance of a safe and high-quality service to parents and in delivering and improving our Platform. Compliance with our legal obligations (Art 6.1(c) GDPR, Art 9.2(b) GDPR) to conduct these checks as a CMA, including for anti-money laundering purposes. Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR). Legitimate interests in running and managing our referral program and rewarding participants. |
Criminal record information contained in check data | Confirming the suitability of childminders to provide childminding services. | Your consent, compliance with our legal obligations. |
Childminder health data | Confirming the suitability of childminders to provide childminding services. | Your consent, compliance with our legal obligations. |
Register data | Maintaining the child passport feature helps Childminders meet their legal obligations to maintain records in relation to children in their care. It also helps us check billing and payments and fulfil our safeguarding and quality roles as a CMA. | Legitimate interest in providing our service to Childminders and helping them meet their legal obligations. Compliance with our legal obligations. |
Journal data | Reviewing journal entries and other logs in our role as a CMA, as part of our quality assurance and safeguarding processes. | Legitimate interest in providing assurance of a safe and high-quality service to families. Compliance with our legal obligations to conduct these checks as a CMA. Your consent. |
Messaging data | Investigating safeguarding and quality concerns. | Legitimate interest in ensuring a safe and positive user experience. |
WhatsApp and Community Hub data | Monitoring childminder community sentiment and offering support, and to manage events and disseminate information. Phones numbers used to add participants to the WhatsApp group. | Legitimate interest in fostering collaboration and supporting professional communication among childminders. |
Profile data | Displaying your profile. Creating case studies for marketing, educational and promotional purposes. | Legitimate interest in promoting your, and our, services. We will only use your personal data in case studies with your explicit consent. |
Usage Data | Analysing the use of, and improving, our Platform and Site, security monitoring and fraud detection. | Legitimate interest in delivering and improving our Platform and Site, informing marketing strategy, and to study how customers use our services to develop them and grow our business. |
Any personal data | For the purposes of legal compliance (e.g. maintaining tax records). | Compliance with our legal obligations. |
Any personal data | Bringing and defending legal claims. | Legitimate interest in conducting and defending legal claims to preserve our, and others’, rights. |
Any personal data | Record-keeping and hosting, back-up and restoration of our systems. | Legitimate interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data. |
How we use particularly sensitive personal information
Special categories of particularly sensitive personal information, such as information about your health, racial or ethnic origin, political opinions, religious and philosophical beliefs, sexual orientation, genetic and biometric data, or trade union membership, require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information and we will only do so with your explicit consent to the processing of those personal data for the purposes below unless we have a legal basis (in the field of employment and social security and social protection law) to conduct such checks. Where we approach you for consent, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
The situations in which we will process your particularly sensitive personal information (such as health and medical records) are, unless we indicate otherwise, to comply with our legal obligations and generally to assess your safety and suitability to provide childminding services since such services involve significant responsibilities related to the safety and welfare of children.
Where it goes
Any information which you choose to include in your profile will be visible to users of the Site and Platform. Messaging data you send to families and register and journal data relating to their children will be visible to those families, as will some contract data relating to your services to those families. We are also required to share your tiney registration and deregistration details with your local authority, as well as census data collected in relation to you and your services. Otherwise, your personal information may be transferred to our suppliers and third parties as described in the section headed providing your personal data to others below.
Information for parents / guardians
Overview
Hello! Thanks for using tiney. We will receive a variety of personal data relating to you and your children in connection with the childminding services provided to you, our provision of our Platform, and our statutory responsibility as a childminder agency. It might be helpful to summarise the various relationships for context first.
-
Tiney is data controller in relation to personal data we receive relating to you and your children. That means we have to comply with law in handling it (and in particular have to make a notice available to relevant individuals).
-
This Notice describes how we handle your, and your children’s, personal data. If your children are of reading age, then you should provide to them the Information for Children set out below. Otherwise, you should ensure you have read and understood the information in this section on their behalf as well as your own.
-
Childminders are also data controllers. Each tiney childminder should have provided you with their own privacy notice at the time you entered into a Childcare Agreement with them. In some instances both we and the childminder will be data controllers of personal data stored on the tiney Platform (since we’re both using it for our respective business purposes) but we suggest you contact us in the first instance with any queries.
Personal data we handle relating to you
In liaising between you and your chosen Childminder, and providing you both with access to the features of our Platform, we may handle the following data:
-
Account data, which you provide to us in setting up or using an account on the Platform, or in engaging with us offline (e.g. in phone calls with us which may be recorded with your explicit consent) to provide services to you or when you enquire about our services. The account data may include your name, email address, phone number, postal address, customer ID, voice, username and password. If you use a third-party application like Facebook to log into your account then we may receive and process account data from the relevant third party. We may also collect your national insurance number when a childminder submits a new contract request for funding and provides this to us with your consent.
-
Payment and transaction data, which we may process in relation to payments we receive from you (or in the case of refunds paid to you). These may include your contact details, your payment account details and the transaction details, reference codes for processing any refunds and any funding eligibility information. We do not collect or process your credit or debit card details when you make or receive payments. We use Stripe as a payment processing service provider and it is Stripe who will collect and process your card details. For more information, you can access Stripe’s own privacy policy here.
-
Contracts data, which means records relating to the performance of our or the Childminder’s services (for instance, the record of your engagement of the Childminder), as well as personal data captured in the Childcare Agreement between parents and childminders. The contracts data may also include any correspondence between you and us relating to your use of our Platform, or correspondence with any other person which concerns you (e.g. if a Childminder contacts us in relation to the contract between you and them, as well as personal data captured in any incident reports).
-
Journal data, which means comments you may add to the learning journal or other journals or logs in which the Childminder makes notes of your child’s progress against the Early Years Foundation Stage or otherwise make notes in relation to childminding services provided.
-
Messaging data, which is information contained in messages sent between you and Childminders via the Platform. We do not normally see or read messages between you and childminders and would only access these in connection with quality or safeguarding concerns or to address emergencies.
-
Usage data as you interact with our Site and/or App, we will automatically collect technical data about your equipment, browsing actions and patterns and data about your use of our Site and Platform, which we obtain through analytics tools. This may include: your IP address; geographical location; browser type and version; device type, OS and display size; referral source; length of visit; page views and website navigation paths; as well as information about the timing, frequency and pattern of your service use. Technical and usage data is collected from analytics providers such as Google (Google Analytics and Google Ads) based outside the UK and advertising networks such as Meta (Facebook ads) based outside the UK.
Personal data we handle relating to your children
In liaising between you and your chosen Childminder, and providing you both with access to the features of our Platform, we may handle the following data relating to your children:
-
Child passport data, which means the key information you record (or the Childminder records) in the child passport feature of the Platform. This includes the child’s: name; date of birth; unique identifier; profile picture; address; language, gender, ethnicity, dietary requirements and health information including allergies, required medications, treatments, and permissions for the Childminder to administer medications; child’s doctor surgery and doctor’s name, address and number; educational needs, including special needs or disabilities and receipt of any disability or other funding or free meals; details of any other educational settings the child attends (including its name and the name of any contact at that setting); the child’s social worker’s name and contact details; favourite books, toys, interests or activities; guardian and childminder IDs associated with the child; emergency contact information (including name, number and relationship to the child); drop off/pick-up information (i.e. names of parents / guardians who perform the daily drop off/pickup), and any marketing consents (e.g. whether you as a parent have consented to certain activities and to the use of pictures of your child for marketing, profile and journal purposes). tiney does not typically review the content of child passport data, but will only check whether key information is present for quality and safeguarding purposes consistent with our role as a CMA. We might review the child passport for quality or safeguarding purposes or in case of emergency (e.g. to contact emergency contacts).
-
Journal data, which means entries the Childminder may make in the learning journal, or other journals or logs on the Platform, comments you may add to the learning journal, or other journals or logs in which the Childminder makes notes of your child’s progress against the Early Years Foundation Stage or otherwise make notes in relation to childminding services provided.
-
Register data, which means records of children being signed in / signed out at the Childminder’s setting.
-
Messaging data, which is information contained in messages sent between you and Childminders via the Platform, the subject matter of which will likely be your children. We do not normally see or read messages between you and childminders and would only access these in connection with quality or safeguarding concerns or to address emergencies.
-
Photos of your child, to the extent they are included in the messaging data, journal data or child passport data, or if you have provided express consent for the use of those photos to promote our, or any Childminder’s services.
What we do with it
Here’s what we do with your personal data, and personal data relating to your children, and in each case the lawful basis on which we do it. (The legal bit - GDPR requires data controllers like us to ensure that we only process personal data on one of a number of specific lawful bases, which are set out in Article 6 GDPR. We have to document our lawful basis of processing, and we also have to tell the data subject (i.e. you) the basis on which we rely in our processing activity. Where that basis is our “legitimate interests” connected with the processing activity, we have to tell you what that interest is.)
We may process personal data on more than one legal basis depending on the specific purpose for which we are using it.
Type of Data | Purpose/Activity | Legal Basis for Processing |
---|---|---|
Account data, contracts data, payment and transaction data | Operating our Platform, for sales and lead generation purposes, providing our services and the features of our Platform, making and receiving payments, checking your eligibility for local authority funding, verifying logins, and communicating with you. We may also process you or your child’s name and/or postcode to locate the relevant invoice to reconcile against your payment when you use a voucher scheme to make payment and the operator of that scheme provides us with this information. We may invite you to leave a review on Trustpilot to share your feedback about our services. | Performance of a contract with you (i.e. delivering our services) (Art. 6.1(b) GDPR). Legitimate interest (Art. 6.1(f) GDPR) in properly administering our business, services and communications, and to help us understand customer satisfaction and improve our offerings. Your consent (for TrustPilot reviews) if legitimate interests cannot be relied on. |
Child passport data | Maintaining the child passport feature helps Childminders meet their legal obligations to maintain records in relation to children in their care. | Performance of a contract with you. Legitimate interest in providing assurance of a safe and high-quality service to parents, and providing assistance to Childminders in meeting their legal obligations. |
Register data | Maintaining the register helps Childminders meet their legal obligations to maintain records in relation to children in their care. It also helps us check billing and payments and fulfil our safeguarding and quality roles as a CMA. | Performance of a contract with you. Legitimate interest in providing assurance of a safe and high-quality service to parents, and providing assistance to Childminders in meeting their legal obligations. |
Journal data | Reviewing journal entries and other logs in our role as a CMA, as part of our quality assurance and safeguarding processes. | Legitimate interest in providing assurance of a safe and high-quality service to families. Compliance with our legal obligations (Art 6.1(c) GDPR, Art 9.2(b) GDPR). Your consent (Art. 6.1(a) GDPR, Art. 9.2(a) GDPR). |
Messaging data | Investigating safeguarding and quality concerns. | Legitimate interest in ensuring a safe and positive user experience. |
Photos | Where included in messaging data, passport data or journal data, the same uses as above. Where you have consented to use for marketing purposes, for marketing. | Legitimate interest and performance of contract, as above. Consent (Article 6.1(a) GDPR). |
Usage Data | Analyzing the use of, and improving, our Platform and Site, security monitoring and fraud detection. | Legitimate interest in delivering and improving our Platform and Site, informing marketing strategy. |
Any personal data | For the purposes of legal compliance (e.g. maintaining tax records). | Compliance with our legal obligations. |
Any personal data | Bringing and defending legal claims. | Legitimate interest in conducting and defending legal claims to preserve our, and others’, rights. |
Any personal data | Record-keeping and hosting, back-up and restoration of our systems. | Legitimate interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data. |
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate local authority funding headcount data to calculate the percentage of users accessing funded placements in order to analyse general trends and to help improve our service offering, or aggregate the hourly rates offered by childminders in different areas to provide advice to newly registered childminders to help them set their rates.
How we use particularly sensitive personal information
Special categories of particularly sensitive personal information, such as information about your/your child’s health, racial or ethnic origin, political opinions, religious and philosophical beliefs, sexual orientation, genetic and biometric data, or trade union membership, require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information and we will only do so with your explicit consent to the processing of those personal data for the purposes below unless we have a legal basis (in the field of employment and social security and social protection law) to conduct such checks. Where we approach you for consent, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
The situations in which we will process your/your child’s particularly sensitive personal information (such as health and medical records) are to comply with our legal obligations and ensure your child’s safety and wellbeing in the care of our childminders. The situations in which we will process other sensitive personal information, such as your ethnicity, are in the context of compiling census data for reporting to local authorities (with your consent).
Where it goes
Child passport data, journal data, messaging data, register data and some contract data will be available to the Childminders who provide you with services. Otherwise, your personal information may be transferred to our suppliers and third parties as described in the section headed providing your personal data to others below.
Information for everyone else
Overview
While our core business involves working with childminders and families, we will also receive personal data from others connected with our business like suppliers, local authorities, commercial partners, journalists, or people who get in touch with us for any other reason. We may also receive personal data from our users which relates to you – for instance, if you are a providing a reference for one of our childminders, if you are authorized to pick up children in our childminders’ care, if you are a doctor providing a health statement, or if you are a household member of a childminder applicant or an emergency contact.
Personal data we handle relating to you
We may handle any of the following personal data:
-
Correspondence data: this is information contained in or relating to any enquiry or communication that you send to us or that we send to you (including via our social media channels), or intended to help us communicate with you if needed. This may include the communication content and metadata associated with the communication, as well as any contact details you may provide to us such as your name, email address, phone number, job title, address or social media handle.
-
Partner data: If we have some other commercial relationship with you or with your employer (for example, a supply, purchase, sponsorship or referral relationship) then we may handle your contact details (name, job title, email address, postal address, telephone number), any related communications, and any related documents (such as contracts, POs and invoices, proposals and so on).
-
Usage data: as you interact with our Site and/or App, we will automatically collect technical data about your equipment, browsing actions and patterns and data about your use of our Site, which we obtain through analytics tools. This may include: your IP address; geographical location; browser type and version; device type, OS and display size; referral source; length of visit; page views and website navigation paths; as well as information about the timing, frequency and pattern of your service use. Technical and usage data is collected from analytics providers such as Google (Google Analytics and Google Ads) based outside the UK and advertising networks such as Meta (Facebook ads) based outside the UK.
What we do with it
Here’s what we do with your personal data, and in each case the lawful basis on which we do it. (The legal bit - GDPR requires data controllers like us to ensure that we only process personal data on one of a number of specific lawful bases, which are set out in Article 6 GDPR. We have to document our lawful basis of processing, and we also have to tell the data subject (i.e. you) the basis on which we rely in our processing activity. Where that basis is our “legitimate interests” connected with the processing activity, we have to tell you what that interest is.)
We may process personal data on more than one legal basis depending on the specific purpose for which we are using it
Type of Data | Purpose/Activity | Legal Basis for Processing |
---|---|---|
Correspondence data | Communicating with you, keeping records in relation to our business. | Performance of a contract with you (if the correspondence relates to possible services you or we may provide) (Art. 6.1(b) GDPR). Legitimate interest (Art. 6.1(f) GDPR) in properly administering our business, services and communications. |
Partner data | Administering our commercial relationship with you. | Performance of a contract with you. Legitimate interest in properly administering our business, services and communications. |
Usage data | Analyzing the use of, and improving, our Platform and Site, security monitoring and fraud detection. | Legitimate interest in delivering and improving our Platform and Site, informing marketing strategy. |
Any personal data | For the purposes of legal compliance (e.g. maintaining tax records). | Compliance with our legal obligations. |
Any personal data | Bringing and defending legal claims. | Legitimate interest in conducting and defending legal claims to preserve our, and others’, rights. |
Any personal data | Record-keeping and hosting, back-up and restoration of our systems. | Legitimate interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data. |
Direct marketing
We want to ensure that you are informed and aware of the best services and promotions that we can offer you. You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving the marketing.
We may also analyse your personal data to form a view about which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.
Third-party marketing
We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.
Opting out of marketing
You can ask to stop sending you marketing communications at any time by following the opt-out/unsubscribe links within any marketing communication sent to you or by contacting us at community@tiney.co.
If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to service availability notifications, order confirmations, updates to our terms and conditions, and checking that your contact details are correct.
TrustPilot Reviews
We may contact you via email to invite you to review any services and/or products you received from us in order to collect your feedback and improve our services and products (the “Purpose”). We use an external company, Trustpilot A/S (“Trustpilot”) (who acts as our data processor) to assist with sending our review invitation emails and collecting feedback on our behalf from people who have used our services. This means that we will share your name, email address and any reference number with Trustpilot for the Purpose. If you want to read more about how Trustpilot process your data, you can find their Privacy Policy here. We may also use such reviews in other promotional material and media for our advertising and promotional purposes. You can opt out of receiving review invitations at any time by following the unsubscribe link in those communications or by contacting us at any time.
Lookalike Audience Building
With your explicit consent, we may share your email address, with Facebook in encrypted (hashed) form to create Lookalike Audiences. This enables us to display relevant advertisements to individuals on Facebook who share similar characteristics or interests with our existing customers. Facebook uses this information only to match the data we provide with its user database and create audiences for our advertisements. It does not share your personal data with third parties or use it for purposes other than creating Lookalike Audiences on our behalf.
Providing your personal data to others
In the ordinary course of our business we will disclose some information to third parties like our suppliers or advisors. This section explains when we might share your personal data with others.
Our advisors. We may disclose your personal data to our insurers and/or professional advisers to take professional advice and manage legal disputes.
Disclosures designated by you. We may disclose your personal data to third parties designated by you, such as other users of the Platform (like when we liaise between parents and Childminders).
Our service providers. We may disclose personal data to our service providers or subcontractors in connection with the uses we’ve described above. For example, we may disclose:
-
any personal data in our possession to suppliers which host the servers on which our data is stored (including GDrive cloud storage providers), or which host third-party platforms we use to deliver our webinars (such as Zoom and Google Meet), or which provide community forum software (such as Insided.com) or call recording software (such as Aircall), or customer support tools (such as Intercom), or call scheduling/booking facilities (such as Calendly), or internal project and product management tools (such as Shortcut, Trello, Notion, Miro and Incident-io), or design and content management providers (such as Contentful), or to data warehousing and data and service automation providers (such as Stitchdata, Parabola and Zapier), and to web behaviour tracking providers (such as Hotjar), and to providers that process feedback forms on our behalf (such as Google Forms), or to freelance staff (including community childminder coaches) whose duties involve handling the relevant personal data, and to secure email platforms used by local authorities (such as Egress);
-
contact details to providers of email, CRM, email marketing or physical delivery/courier services (including AirTable and HubSpot, based outside the UK), and to SMS messaging platforms (such as Twilio) and to Shopify (an e-commerce platform located outside the UK that we use to facilitate order processing and payments for childminder supplies and tiney-branded kit) and to providers of e-commerce order fulfillment (such as Huboo), and to venues running our events if they require it, and to Tigerlily Training Ltd who provides first aid training to trainees and to enable the redemption of any first aid voucher code purchased by a childminder (note that they are responsible for processing your personal data in accordance with their own privacy policy, which we recommend you review before using their first aid training);
-
login credentials to cloud-based authentication and authorization services (such as Auth0) to manage user login and secure access to our services;
-
payment and transactions data to our payment processing and banking as a service providers (such as Stripe and Modulr) and to platforms for referrals and rewards (such as Tremendous), to local authorities (where we process funded placements in affiliation with them), to Shopify in connection with purchases made via our Site, and to providers of e-commerce order fulfillment (such as Huboo). Any student finance reference number for a childminder (a ‘CCG’) is also shared with the parent in order for the parent to link the child with the childminder;
-
discovery data (such as answers to qualifying questions) to scheduling platforms such as Calendly (based outside the UK), and information collected through home visits to internal communication and collaboration platforms (such as Slack), and to field service and client management tools (such as Jobber), and responses to customer satisfaction surveys to business intelligence tools (such as Metabase);
-
check data such as identification documents to providers of database management tools (such as AirTable) and to U-Check who acts as our third party processors and manager of DBS checks, and national insurance numbers may be shared with local authorities to enable them to perform funding eligibility checks;
-
health data (childminder health declaration forms) may be shared with the childminder’s GP or nominated medical advisor and we may share childminder health data with RTW Plus Ltd (who provide practising GP and nurse clinicians to us) for their purposes in carrying out virtual health consultations with childminders, and to GPDQ (for their health check services);
-
usage data to providers of analytics services; and
-
information relating to our childminders, like correspondence, account or check data, to third parties who provide benefits for those childminders (for example, insurers such as BHSF and Morton Michel) or who provide check services (like criminal record, local authority or credit checks). We will share information relating to you (or as applicable other members of your household) for check services purposes only to the extent sufficient to identify you (such as your name, address and date of birth) so that they can check their own records in relation to you (or as applicable other members of your household).
We do not allow our data processors to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.
Events
We may capture photographs and videos during events we run, which may include identifiable images of attendees. We process photos and videos to document the event, promote future events, and share highlights with attendees and the public. We rely on your consent to use your images for promotional purposes. Where consent is not obtained, we may rely on our legitimate interests to document the event, provided this does not override your rights and freedoms. You will be informed and given the option to provide or withhold consent for photography and videography during registration or upon entering the event. You may withdraw your consent at any time by contacting us at [insert contact details]. Images and videos may be shared publicly on our website and social media platforms.
Compliance
We may also disclose your personal data where necessary to comply with law (in particular if we become aware of any criminal activity or serious safeguarding concerns) including during emergency situations or where necessary to protect the safety of persons (for example we may need to share personal data with emergency services or social services).
Restructuring
If any part of our business is proposed to be sold or transferred, your personal data may be disclosed to the new owner or in connection with the relevant negotiations.
International transfers of your personal data
Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the UK and the EEA or may transfer your personal data to their own service providers located outside the UK and the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an "adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission). You may contact us if you would like further information about these safeguards.
Personal data that you submit for publication on the Site or Platform or otherwise make visible to other users may be available, via the internet, to others around the world. We cannot prevent the use (or misuse) of such personal data by others.
Data security
We have put in place appropriate security measures to protect your personal data. These include (but are not necessarily limited to) encryption, access controls, regular software updates and patching, firewalls and anti-malware software, data backup and recovery plans. We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where required by law.
Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem.
Retaining and deleting personal data
We don’t keep personal data any longer than is needed to fulfil the purposes for which we collected it in the first place, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. This section describes how we retain and delete personal data.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We comply with our legal obligations in relation to the retention and deletion of personal data, and in particular ensure that personal data that we process is not kept for longer than is necessary for the relevant purposes. We maintain a retention policy, details of which are available on request.
We may retain your personal data longer where necessary to comply with law or in connection with any legal claim.
Our use of cookies
We use cookies and similar technologies to recognise you, improve our Site and services and for tracking purposes. For more information about the cookies we use and how to change your cookie preferences, please see our cookie policy.
Your rights
It’s important that you know your rights in relation to your personal data. This section should help you understand and exercise your legal rights.
You have rights under data protection law – they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office at https://ico.org.uk/ for a fuller explanation of your rights. In summary, though:
-
the right to withdraw consent: where our processing is based on your consent (as described above) you have the right to withdraw that consent at any time by notifying us, in which case we will stop the relevant use;
-
the right to access: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with certain additional information;
-
the right to rectification: you have the right to have any inaccurate or incomplete personal data about you rectified or completed;
-
the right to erasure: in some circumstances you have the right to the erasure of your personal data (for example, if the personal data are no longer needed for the purposes for which they were processed or if the processing is for direct marketing purposes);
-
the right to restrict processing: you have the right to restrict the processing of your personal data to limit its use. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except to the extent permitted by law;
-
the right to data portability: you have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
-
the right to object to processing: you have the right to object to our processing of your personal data on the basis of legitimate interests (discussed above) or for direct marketing purposes and if you do so we will stop processing your personal data except to the extent permitted by law;
-
rights regarding automated decision-making (see below): you have the right to request an explanation of how the decision was made, contest the decision and provide additional information for reconsideration, and request that a human reviews the decision instead of relying solely on the automated process; and
-
the right to complain to a supervisory authority: if you consider that our processing of your personal data is unlawful, you have a legal right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Automated decision-making and profiling
We may carry out automated decision-making and profiling to evaluate a potential childminder’s health, qualifications and previous record to determine their suitability for the role. Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. Specifically, we use algorithms to analyse the answers you provide on these data points in the initial call booking form. This process is designed to ensure that applications are assessed fairly and consistently. The answers you provide in the form are automatically processed using predefined criteria to assess whether you meet the requirements for the role. If the results indicate that you do not meet the criteria, you may be informed that you are not suitable for the role at that early stage.
You will not be subject to decisions that will have a legal (or similarly significant) effect on you based solely on automated decision-making, unless we have a lawful basis for doing so. It is possible our processing of your data may significantly impact your employment opportunities, career progression and financial status, and may therefore constitute a significant effect under GDPR, meeting the criteria for automated decision-making. We rely on your explicit consent to conduct this processing, as required by law, unless the decision is necessary for the entry into, or performance of, a contract between you and us (i.e. for childminding services). Where we request your consent, we will provide clear information explaining that profiling will be provided, including its significance and the likely consequences.
We have implemented measures to safeguard your rights, freedoms, and legitimate interests, including periodic reviews of the automated decision-making process to ensure fairness, accuracy, and non-discrimination.
Exercising your rights
If you wish to exercise any of the rights set out above, please contact us at the contact details listed below (‘Contact Us’). You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Third Parties
The Site and App may contain links to third party websites and refer to third party service providers and other entities (including third party check providers such as DBS). If you follow a link to any third party website or deal with any third party referred to on the Sites, then they may have their own privacy and cookie policies, and we are not responsible for their use of any personal data which you may provide to them.
Amendments to this Notice and your duty to inform us of changes
We keep this Notice under regular review and may update it from time to time by publishing a new version on the Site and App. This version was last updated in January 2025. You should check occasionally to ensure you are happy with any changes to this Notice, although we may notify you of significant changes to this Notice using the contact details you have given us, to enable you to review the changes before they become effective. If you object to any changes, you may close your account. Any changes will become binding on you upon your first use of our Site or services after the changes have been implemented.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
Data protection registration
We are registered as a data controller with the UK Information Commissioner's Office. Our data protection registration number is ZA451440.
Contact Us
If you have any questions, comments or requests regarding this Privacy Notice or our use of any personal data you provide to us, please contact us at Tiney Limited, International House, 12 Constance Street, London, E16 2DQ or at data-protection@tiney.co
Last updated: 17th January 2025
Child-friendly privacy notice
Who are we?
We are tiney, a company which connects childminders with parents and guardians. We also provide an online platform which helps the childminder and parent or guardian make arrangements, make payments, and share information more easily when the childminder looks after the parent or guardian’s children.
We are registered as a childminder agency, which means we have to obey laws which apply to those sorts of agencies. Childminders also have to obey laws which apply to childminders.
If you have any questions about this notice you can contact us at data-protection@tiney.co – if you’re under 13 you should ask a parent or guardian to do this.
What is personal data?
“Personal data” means any information which relates to you. This could be your name or address, or it could be notes which relate to you (like a record of any allergies you may have, or your learning progress).
Why does tiney have your personal data?
We might receive personal data from your parent or guardian, or from the childminder who helps looks after you.
What personal data might tiney have?
We might have a few different kinds of personal data. Some of this is personal data which childminders are required to keep in order to comply with law. Our platform helps childminders and parents manage their childminding arrangements, and it’s helpful for that personal data to be stored on our platform. Some of this is personal data which might not be required by law, but which is useful to us when we provide our services connecting your parent or guardian and childminder. Here’s what we might have:
-
Your name;
-
Your date of birth;
-
Your unique identifier;
-
Your profile picture;
-
Your address;
-
Your language, gender and ethnicity;
-
Your dietary requirements and health information, such as details of any allergies, treatments or special learning or physical requirements you may have;
-
Details of your doctor;
-
Details of any other educational settings you attend and contacts there;
-
Details of any social worker you have;
-
Details of your likes and dislikes, like favourite books, toys, interests or activities (or things you don’t like or want to do);
-
Information relating to your parents or guardians, or friends or family members who have permission to drop you off and pick you up from your childminder, and who we would contact in an emergency;
-
Records relating to your learning and other activities at your childminder, and when you were dropped off and picked up;
-
Notes and messages which your parents or childminders might make or send on our platform, which might be about you;
-
Photos which your parents or childminders might send each other through our platform, which might include you. If you or your parent or guardian have given consent for us, or for childminders, to do certain activities with you or to use photos for marketing, profile or journal purposes, we will have a record of that consent.
What do we do with your personal data, and why?
We mostly hold your personal data to help your childminder and parent or guardian make arrangements, make payments, and share information more easily when the childminder looks after you. Most of the time, we don’t look at that personal data ourselves because we don’t have any reason to. For example, if your parent sends a message to your childminder which says “Alex has a sore arm today, so please don’t do any physical exercise,” or if your childminder maintains a record of your allergies and emergency contact details, we won’t normally look at that information. However, we might review that information:
-
if we have any reason to worry that childminding is not being conducted safely or properly. Because we are a registered childminder agency, we have to make sure that our childminders act properly. We also want to make sure that parents and guardians are happy with the childminding service.
-
to help resolve any disagreements or questions between your parent or guardian and childminder.
-
If there is an emergency. For instance we might need to check records relating to your health or who we can call in an emergency if you are hurt.
It is legal for us to hold and use this data for three main reasons:
-
To comply with our legal obligations as a childminder agency.
-
To provide our services and our platform to parents, guardians and childminders, which is useful to us (because that is what we do in our business) and to them (because our service is helpful to them). The childminder has to keep records to comply with their own obligations, and we help them manage that. The parents and guardians want to be able to set up and manage childminding arrangements easily, and we help them with that, too.
-
If you or your parents have given consent (in relation to our use of photos, or some information relating to your health).
Where does your personal data go?
Your personal data will be shared between your parent or guardian and your childminder. We may also share it with companies who provide services to us, if needed for them to provide those services to us. Some of those companies might be located outside the UK, and even outside Europe. Finally, we may share personal data if we are required to by law.
How long do we keep your personal data?
We keep your personal data only as long as it is needed in order for us to use it for the purposes we’ve described. We have a detailed policy setting out different timings to delete different kinds of personal data.
Your rights. You and your parents or guardians both have the right to:
-
be told how we use your personal data;
-
ask to see the personal data we hold;
-
ask us to change personal data if you think it is wrong;
-
ask us to delete personal data when it’s not needed anymore;
-
ask us to only use your personal data in certain ways; and
-
complain to the regulator in charge of data handling in the UK, which is the ICO.
We have kept this notice short and clear. We have also provided a longer notice to your parent or guardian describing how we handle your personal data, and if you have any queries you can talk to them as well as us.
What to do if you have any questions:
If you have any questions, comments or requests regarding this Privacy Notice or our use of any of your personal data, please contact us at Tiney Limited, International House, 12 Constance Street, London, E16 2DQ or at data-protection@tiney.co, or by telephone at 020 4579 9034.
Last updated: 17th January 2025